Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
edit:
July 9th, @09:59AM
| reply to stevech0
Re: Most Rugged Wireless Router Out There?
Concur throttling applications is desirable but hard to effectively do unless spending some serious coin including a more expensive unit and then yearly services $$ for Program control..
Certainly give Stevo's suggestion a try as the cost is minimal and it may be effective enough. You could accomplish this partially through a managed switch by applying rate limiting either up or down or both to each port connected (especially the offending ports).
Food for thought is that by reducing throughput so that downloading is inhibited but normal browsing and email is not seriously affected may be the way to go (at least until abusers smarten up).
I would look at a zywall 2wg or 5 (or 35 for dual wan scenario) which would allow you to have up to three separate DHCP serving zones on the go (one standard LAN and two lan type zones). Some basic throughput control (by IP, range of IPs, by LAN zone, sby ervice etc. Bluecoat based content filtering service is relatively cheap (--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
avsrock90
join:2003-08-25
Berkeley, CA
 ·SONIC.NET
| I've tried DD-WRT Lite on a wrt54G, it wasn't reliable at all for me; kept going down.
Anav, when you say "One standard LAN and two lan type zones," what are you referring to when you say lan type zones?
A more general question: Zyxel only markets two products as "routers" and they are prosumer level products. Their products which are officially titled "firewalls" seem to keep being suggested. Why the difference in terminology? From what I've seen here, it seems as though the Zywall 2WG, etc will essentially function like a traditional "router" except with some added goodies. |
|
stevech0
join:2006-09-17
San Diego, CA
 ·RoadRunner Cable
 ·VoicePulse
edit:
July 9th, @11:36PM
| said by avsrock90  :I've tried DD-WRT Lite on a wrt54G, it wasn't reliable at all for me; kept going down. DD-WRT is super-reliable for me. But I use an older revision of DD-WRT mini and I use a WRT54G version 2. I think a WRT54GL would do well.
I have a ZyXel 2WG (WiFi+Ethernet). It's oriented around VPN services and dual-WAN fall-back, and even dial-up fall back. Overkill for most residential uses. I found it for $180. Includes support for 3G cellular wireless (HSPDA and EV-DO RevA), however the latter isn't working for me yet due to ZyXel firmware issues. |
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
edit:
July 10th, @06:27AM
| reply to avsrock90
Actually besides the P6 series which is combined modem router stuff (yuchhh)
They have a VPN (IPSEC) firewall router class (ZYWALL) which covers SOHO to Medium Business, then a USG VPN (IPSEC AND SSL) object oriented firmware CLass for small business to Enterprise. Then they have the home routers which were known as the P3xxx prestige series which they have since gone to the NBG series.
The zywall lineup of which you ask, is very easy for the layperson to configure (like me) with an easy gui and firewall rules and menus. Basically besides the normal LAN, you can configure two other Lan type zones (they are hard named as DMZ and WIFI) but they can be used for any purpose - simply DHCP serving lan type zones. In the basic firewall menu you delineate the packet flows between all the zones including the internet.
One then can use firewall rules, to create accesses as desired between zones and internet.
For example I may have my private LAN as normal, then have an AP on the DMZ with no wifi security that only has access to the internet (for guests) and then a public FTP server on the third zone that again only has access to the internet but I have a firewall rule that allows one IP from the private LAN to access the FTP server (one way access).
Although the ZyWALL units do not have VLAN capability, the zone approach is actually quite useful and perhaps easier for the soho scenario.
I have pushed for the home series to get this capability and what came of it was a unit with guest wifi. The NBG334W provides a separate guest wifi from the wired LAN and Lan associated wifi. Not as far as I would have liked but certainly does address some sharing and privacy issues at the home front - either guest usage or putting not WPA capable devices on the internet without compromising the private lan.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
avsrock90
join:2003-08-25
Berkeley, CA
·SONIC.NET
| We've been going through a heat wave here, and I have a feeling that is causing some of our problems. (Not that this realization has persuaded me not to make a move).
Yesterday our Siemens DSL modem was boiling hot, and I'm wondering if it is not able to hang with the load it's receiving either. Is there an analagous upgrade for a DSL modem (the firewall with the modem built in sounds all well and good until we switch to cable)?
Thanks everyone for your help so far. |
|
tubbynet
more voices, more choices
Premium
join:2008-01-16
Mesa, AZ
 ·Sprint Mobile Broa..
·Cox HSI
·FrontierNet Intern..
edit:
July 12th, @10:18AM
| Just a quick heads up with the Cisco gears:
If you are looking for gigabit to the desktop with Cisco switches, you are probably looking for something similar to a Catalyst 2960. They make a 24- and 48-port gigabit model and can be found here...
»www.cisco.com/en/US/products/ps6···son.html
Bear in mind that they don't make a gigabit PoE model 2960. If something like that is required, I would look at the 3560G PoE models, but be prepared to pay (something along the lines of $3000 and up). These may be pricey, but I have seen the stability, and it is good. I can't vouch for any of the Zyxel products as I have not played with them. In the interest of full disclosure, I do work as a network engineer for a Cisco partner.
Gigabit to the router is something that can be debated. Most of my installations don't have a gigabit router unless they have a WAN link faster than 60-70 megabit or so. Couple this with the fact that the first router with available gigabit backplane space is the Cisco 2821 ISR. Not too cheap, depending on the configured options but it will be more expensive than your switch.
I would recommend something like a Cisco 887 (or the older 877) to suit your needs. It will replace your existing ADSL modem as it will terminate directly on your incoming phone line. From there you can run QoS, filtering/firewall, use it as a remote access VPN server, and a host of other options. This unit can be had for around $300 or so on eBay (at least the 877 can be), but I would recommend a SmartNET contract on the device for a warranty).
On a side note, if you are running A LOT of traffic through your router, it will become hotter, especially if it is running near max most of the time from your Torrent-users. Obviously, the only solutions here are to remove the offenders, or beef up your router/switch combo so as to handle the traffic.
As always, YMMV...
q. |
|
avsrock90
join:2003-08-25
Berkeley, CA | I see some discussions out there saying that the 887 (at least,perhaps the 877 too) has a pretty steep learning curve, True?
I don't wanna leave the people after me with something they can't understand or use.
Thanks. |
|
tubbynet
more voices, more choices
Premium
join:2008-01-16
Mesa, AZ
·Sprint Mobile Broa..
·Cox HSI
·FrontierNet Intern..
| the initial configuration is pretty steep if you have never worked with a cisco device in the past. cisco routers were originally "enterprise class" devices that allow for the most granularity in configuration as possible. even though the smaller, "SOHO" or "branch" routers cannot handle that same throughput, they are built using similar code (modified for hardware) as what is running on enterprise routers or internet backbone routers. if you are unfamiliar with cisco, then it will be difficult, however support is readily out there. between this site's cisco fourm (»Cisco) and links on techrepublic, velocity reviews, and the cisco site itself, many (if not all) of your questions can be answered.
it is a large leap to take. i do not advise making your choice simply because the device says "cisco". they do make rock solid devices, but the configurations can be tricky. i have exclusively cisco devices in my network and have not any hiccups besides what i bork up on configuration changes. however, i'm sure that people like Anav will tell you that Zyxel devices are just as reliable, which i'm sure is close to the case. i just can't personally vouch for them as i have never used them. cisco has taken a step into the "gui" direction with the introduction of the Security and Device Manager (SDM), which allows configuration of the router through point-and-click interactions, but even this is more advanced than your typical linksys firmware (more information can be found by going to »www.cisco.com/go/sdm).
the choice is ultimately up to you. but you have voiced considerations of cisco devices. i am simply providing you the information and my experiences with the stability and performance that i have seen in the over (1000) sites that i have deployed gear in. if the configs are tight, so is your network.
q. |
|
avsrock90
join:2003-08-25
Berkeley, CA | Thanks for the info, didn't mean to criticize. |
|
